search

ClearURLs / Addon

ClearURLs is an add-on based on the new WebExtensions technology and will automatically remove tracking elements from URLs to help protect your privacy.
http://docs.clearurls.xyz
GNU Lesser General Public License v3.0
4.02k stars 110 forks source link

Link used to validate phone number from Steam is broken when ClearURLs is enabled #97

Open synthead opened 3 years ago

synthead commented 3 years ago

The phone number verification links sent to an email after adding a phone number to Steam is broken when ClearURLs is enabled.

Steps to reproduce

  1. Have a Steam account linked to an email

    From Android:

  2. Install Steam client on Android
  3. Open the menu
  4. Tap Steam Guard
  5. Tap Add Authenticator
  6. Add a phone number and tap Add phone

    From Firefox:

  7. Have Firefox ready with ClearURLs installed.
  8. Open your web email client
  9. Find the email sent from Steam
  10. Click on the ADD PHONE NUMBER button
  11. Observe that steampowered.com displays an invalid link error in the browser
  12. Disable ClearURLs add-on
  13. Click on ADD PHONE NUMBER button
  14. Observe that steampowered.com registers the phone number successfully

Version tested

securingmom commented 3 years ago

Problematic missing step necessary to reproduce

1b. volunteer an "acceptable" mobile number to Steam

rant-on There is no good reason for Steam to require cross checking a certain database to 'verify' the number you own is attached to a mobile phone provider. Plenty of services are capable of extending SS7-like features to other flavors of numbers. SMS Text is no longer the exclusive province of mobile phone providers. Steam 2FA ought include XMPP JID. rant-off